What is Security Onion:
- Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring).
- Developed by Doug Burks.
- Designed to make deploying complex open source tools simple, via a single package
(Snort, Suricata, Sguil, Snorby, etc.).
- Allows a choice of IDS engine, analyst console, and web interfaces.
- Free (Open Source)!
What's in the Onion
Over 60 custom tools, including:
Snort - Signature-based IDS
Sguil - Security analyst console
Squert - View HIDS/NIDS alerts and HTTP logs
Snorby - View and annotate IDS alerts
ELSA - Search logs (IDS, Bro and syslog)
Bro - Powerful network analysis framework with highly detailed logs
OSSEC - Monitors local logs, file integrity & rootkits
"Network security monitoring is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
Installation of Security Onion:
Installing Security Onion is simple, but it takes time because a large set of tools is installed with it.
You can find the installation procedure at the link below.
This is the final GUI after a successful installation.
Why Security Onion
- A complete Network Security Monitoring Linux distro gives network analysts a better view of their network.
- Since it's free, it's feasible for small organizations to use it for their network analysis.
- Easy to install and use.
Where do we go now?
You can find videos with more on Security Onion.